<?php
/**
 * verfy.php - verfy function
 *
 * NMIT BIT Project - Infinity - A 3D Website using WebGL & HTML5 Technology
 * Infinity Grid Version 
 * Version: 1.0 Beta 2
 *
 * Infinity - Login function test
 *
 * Author: William Liu <qzliuyuzou@gmail.com> <lyzdev@gmail.com>
 *
 * Required Server Version:
 *  PHP5 or higher
 *  MySQL 5 or higher
 *
 * Required Browser Version:
 *  Google Chrome 9 or higher
 *  Mozilla Firefox 4 Beta or higher
 *  *Apple Safari
 *
 * Copyright (c) 2011, William Liu All rights reserved.
 * Infinity is an open source 3D website project
 * Under Apache License 2.0
 * http://www.lyzsoft.cn
 * http://7cloud.wordpress.com
 *
 * User level
 * 1 = normal user
 * 5 = administrator
 ******
 * User enable
 * 0 = disable
 * 1 = enable
 *
 * Project Starting date: 9/3/2011
 * Update Date 1: 6/4/2011
 * Update Date 2: 26/4/2011
 * Update Date 3: 4/5/2011
 * Update Date 4: 5/5/2011
 * Update Date 5: 6/5/2011
 * Update Date 6: 7/5/2011
 * Update Date 7: 9/5/2011
 * Update Date 8: 5/6/2011 - Beta 2
 *
**/


//Initialize session
session_start();

//file include check
define('INCLUDE_CHECK',1);
require_once('connection.php');

//Check database connection
@mysql_connect($db_host, $db_user, $db_pass)
or die("Database Connection Fail!");  
@mysql_select_db($db_name) 
or die("The Database is not available!");
?>

<!DOCTYPE html>
<head>
<meta charset="utf-8">
<title>Infinity - Administration</title>
<link rel="stylesheet" type="text/css" href="style.css"/>
</head>

<body>
<div id="header">
   <div id="logo"><h1>
   <a href="index.php" title="Welcome to Infinity">Infinity</a>
   </h1></div>
</div>

<?php
//get user input from admin.php 
$username = $_POST['username'];  
$password = $_POST['password']; 
 
//SQL query and get session value
$userCheckQuery = @mysql_query("select username, user_level from users "."where username = '$username' and password = '$password'") 
or die("SQL query fail!");

//Determine whether the username and password correct
if($userCheck = mysql_fetch_array($userCheckQuery))
{
    //Determine user right/lvl, 0 and 1 is available
	// 1 = normal user
	// 5 = administrator
    if($userCheck['user_level'] == 1 || $userCheck['user_level'] == 5)
    {
        $_SESSION['username'] = $userCheck['username'];
        $_SESSION['user_Level'] = $userCheck['user_level'];
        //header ("Location: admin.php");
		echo "<script>url=\"admin.php\";window.location.href=url;</script>";
    }
	//user right/lvl is invalid
    else
    {  
        echo "User level is invalid!";
		//page jump
    	echo "<script language=\"JavaScript\">window.setTimeout(\"window.location.href=\'index.php\'\", 3000); </script>";
    }  
}   
else
{
	echo "User name or Password wrong!";
	//page jump
    echo "<script language=\"JavaScript\">window.setTimeout(\"window.location.href=\'admin.php\'\", 3000); </script>";
	exit;
}  
?>

<div id="footer">
    <p>Powered by William</p>
</div>
</body>
</html>